# Manage Admin User Accounts

<p class="callout info">Creating and managing administrator accounts in OPSCOM is essential for granting system access to staff, defining their responsibilities through roles, and maintaining secure and accurate user records. This article guides OPSCOM administrators through the process of creating new admin accounts, editing existing ones, resetting passwords, and disabling accounts as needed.</p>

### Using this Feature

1. Hover over **System Configuration**, click **Admin Management**, then **Edit Admin Users**. The **Manage Active Administrators** screen displays, providing options for both new user creation and existing user modification.

##### <span style="text-decoration: underline;">Creating a New Admin Account</span>

1. On the **Manage Active Administrators** screen, select **+ Create New Admin**.
2. The screen will display the **Create New Administrator** form divided into two sections: 
    - On the left, you will **enter the user information** for the new administrator (e.g., username, first name, last name, email, and initial password).
    - On the right, in the **Active Roles** form, you will **select the admin role(s)** this person will be granted. For more information about Roles and Permissions [refer to this wiki article](https://opscom.wiki/books/setup-configuration-for-admins/page/manage-roles-and-permissions).
3. Once all information is entered and roles are selected, click **Insert New User** to add the admin account to the system.

<p class="callout warning">Multi-factor Authentication (MFA) is now **required** when creating an Admin account. After the account is created, it must first be accessed through the Admin portal before attempting to sign in on a handheld device. During the initial login, a One-Time Password (OTP) will be sent to the email associated with the new Admin account, and you will be prompted to reset the password. For more details, please refer to our <span style="color: rgb(35, 111, 161);">[MFA wiki article](https://opscom.wiki/books/the-opscom-admin-portal/page/enhanced-admin-security-multi-factor-authentication-mfa-with-operationscommander)</span>.</p>

##### <span style="text-decoration: underline;">Editing an Existing Admin Account</span>

1. On the **Manage Active Administrators** page, select the user you wish to modify.
2. You can now change any of the available options for that selected user, including their personal information, roles, and account status.
3. Click **Update User** when you are finished making your changes.

##### <span style="text-decoration: underline;">Viewing Login Activity</span>

- For any selected user, you can click the **Login Activity** button to view a log of when the administrator last logged into the OPSCOM system or a handheld device.
- The log also records the following admin activity:
    - Log out
    - New incident creation
    - Incident marked as opened
    - Incident marked as closed

##### <span style="text-decoration: underline;">Resetting an Admin's Password</span>

1. Locate the specific administrator's account.
2. In the **Password** field, enter a temporary password. The password is hidden (displayed as asterisks "\*\*\*\*\*\*\*\*\*\*"), but you can simply type over the existing symbols.
3. **Inform the admin of this temporary password.**
4. When the admin logs in using the temporary password, they will be prompted to update their password to a more secure, personal one.

##### <span style="text-decoration: underline;">Disabling an Admin Account</span>

Admin users cannot be permanently deleted from the system because their accounts are often linked to historical data (e.g., ticket issuance, system changes). If an admin user changes roles or leaves the organization, the best practice is to disable their account.

<p class="callout warning">**Important Reporting Note -** It is very important to leave the admin user's permissions in place even when disabling their account, as these permissions will still affect historical reporting (e.g., showing which permissions were active at the time certain actions were performed). Once the account is disabled, that user can no longer exercise any of the existing permissions, but they remain associated with the account for reporting purposes.</p>

1. Hover over the **System Configuration** menu, click **Admin Management**, then **Edit Admin Users**.
2. Select the user's account you wish to disable (e.g., "jim\_daniels").
3. The user's profile will display. Locate the checkbox titled **Activate this account and allow system login**.
4. **Uncheck** this box to disable the account.
5. Click **Update User** to apply the change.

After disabling, the account will now appear on the **Manage Disabled Administrators** page, accessed by clicking on **View Disabled** on the **Manage Active Administrators** page.

<p class="callout info">This action can be reversed at any time by editing the user account and re-checking the **Activate this account and allow system login** checkbox.</p>

---

### <span style="color: rgb(22, 145, 121);">Best Practices &amp; Considerations</span>

- <span style="color: rgb(22, 145, 121);">**Secure Initial Passwords**: When creating new accounts or resetting passwords, use strong, temporary passwords and instruct users to change them immediately upon first login.</span>
- <span style="color: rgb(22, 145, 121);">**Role-Based Access**: Always assign appropriate roles to admin users. Avoid giving **Primary Administrator** access unless absolutely necessary. Granular roles ensure users only have access to the functions they need.</span>
- <span style="color: rgb(22, 145, 121);">**Prompt Disabling**: Disable accounts promptly when an employee's role changes or they leave the organization. This is a critical security measure.</span>
- <span style="color: rgb(22, 145, 121);">**Audit Login Activity**: Regularly review the **Login Activity** for admin accounts to monitor for unusual patterns or unauthorized access attempts.</span>
- <span style="color: rgb(22, 145, 121);">**Clear Documentation**: Maintain internal records of your admin accounts, their assigned roles, and any specific notes, especially for disabled accounts.</span>
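
The periodic review described in the practices above can be run against the internal records they recommend keeping. The following is an added example, not OPSCOM code and not an OPSCOM export format: the register columns, the role names other than **Primary Administrator**, the sample rows and the 90-day threshold are all assumptions.

```python
import csv
import io
from datetime import date

# Constructed sample of an internally maintained admin register (hypothetical
# columns; this is not an OPSCOM export format).
REGISTER_CSV = """username,roles,active,last_login,employment
jim_daniels,Primary Administrator,yes,2024-01-10,left
a_lee,Enforcement;Reports,yes,2024-05-28,current
p_singh,Primary Administrator,yes,2024-05-30,current
r_cho,Reports,yes,2023-11-02,current
m_ortiz,Enforcement,no,2023-09-15,left
"""

STALE_AFTER_DAYS = 90  # assumed review threshold, set per local policy


def review_admins(register_csv, today):
    """Return {username: [findings]} for active accounts that need follow-up."""
    findings = {}
    for row in csv.DictReader(io.StringIO(register_csv)):
        active = row["active"].strip().lower() == "yes"
        if not active:
            continue  # disabled accounts cannot log in; roles stay for reporting
        notes = []
        # Prompt Disabling: still active although the person left or moved roles.
        if row["employment"].strip().lower() != "current":
            notes.append("disable: staff member has left or changed role")
        # Role-Based Access: every Primary Administrator grant gets re-confirmed.
        roles = [r.strip() for r in row["roles"].split(";")]
        if "Primary Administrator" in roles:
            notes.append("confirm Primary Administrator access is still required")
        # Audit Login Activity: long-idle accounts are candidates for disabling.
        idle = (today - date.fromisoformat(row["last_login"])).days
        if idle > STALE_AFTER_DAYS:
            notes.append(f"no login for {idle} days")
        if notes:
            findings[row["username"]] = notes
    return findings


if __name__ == "__main__":
    for user, notes in review_admins(REGISTER_CSV, date(2024, 6, 1)).items():
        print(user, "->", "; ".join(notes))
```

The `last_login` values would be copied from each user's **Login Activity** view when the register is updated.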

---

### Related Video

<iframe class="youtube-player conf-macro output-block" data-hasbody="false" data-macro-id="4f89c267-ac4f-4257-92c9-2a13a09ad8c8" data-macro-name="widget" frameborder="0" height="395" src="https://www.youtube.com/embed/pKpDFhMcTXA?wmode=opaque" style="width: 790px; height: 395px;" width="790"></iframe>

<iframe class="youtube-player conf-macro output-block" data-hasbody="false" data-macro-id="3112f0db-7e8e-403e-bb30-e14476901429" data-macro-name="widget" frameborder="0" height="397" src="https://www.youtube.com/embed/VDg5pjzDc28?wmode=opaque" style="width: 794px; height: 397px;" width="794"></iframe>